diff --git a/public/templates/show_genre_browse_form.inc.php b/public/templates/show_genre_browse_form.inc.php
index bc5df48827..e3b8efb05d 100644
--- a/public/templates/show_genre_browse_form.inc.php
+++ b/public/templates/show_genre_browse_form.inc.php
@@ -4,24 +4,25 @@
use Ampache\Repository\Model\Video;
use Ampache\Repository\VideoRepositoryInterface;
+/** @var string $browse_type */
+
global $dic;
$videoRepository = $dic->get(VideoRepositoryInterface::class);
-$web_path = AmpConfig::get('web_path');
-$filter_str = (string) filter_input(INPUT_GET, 'type', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES); ?>
+$web_path = AmpConfig::get('web_path'); ?>
-
+
-
+
-
+
getItemCount(Video::class)) { ?>
-
+
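Review bot: The added `/** @var string $browse_type */` names only the type, but the template no longer reads and filters `type` itself, so the comment should also say where the value comes from and what is guaranteed about it. Something like `/** @var string $browse_type set by the including action, already checked with Browse::is_valid_type() */` would do. The markup lines that print the value are not visible in this hunk, so whether it is HTML-escaped at output cannot be confirmed from here. If this template can be included from any path other than TagAction, that caller needs the same validation before the variable reaches the page.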
diff --git a/src/Module/Application/Browse/TagAction.php b/src/Module/Application/Browse/TagAction.php
index 52ff1e9e96..d35120af93 100644
--- a/src/Module/Application/Browse/TagAction.php
+++ b/src/Module/Application/Browse/TagAction.php
@@ -70,7 +70,8 @@ public function run(ServerRequestInterface $request, GuiGatekeeperInterface $gat
// FIXME: This whole thing is ugly, even though it works.
$browse->set_sort('count', 'ASC');
// This one's a doozy
- $browse_type = array_key_exists('type', $_REQUEST) ? $this->requestParser->getFromRequest('type') : 'artist';
+ $request_type = $this->requestParser->getFromRequest('type');
+ $browse_type = ($browse->is_valid_type($request_type)) ? $request_type : 'artist';
$browse->set_simple_browse(false);
$browse->save_objects(Tag::get_tags($browse_type, 0, 'name')); // Should add a pager?
$object_ids = $browse->get_saved();
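Review bot: `$browse->is_valid_type($request_type)` accepts every entry of `Browse::BROWSE_TYPES`, so values such as `pvmsg`, `share` or `playlist_localplay` now pass and flow into `Tag::get_tags($browse_type, 0, 'name')`. Whether `get_tags` handles all of those types is not visible here; if tags exist only for a subset, a narrower allow-list for this action would be the tighter check. Otherwise a comment such as `// any browse type is accepted; get_tags returns an empty set for untagged types` would record the assumption. The `run()` body starts and ends outside this hunk.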
diff --git a/src/Repository/Model/Browse.php b/src/Repository/Model/Browse.php
index 79472d540c..307ce4c3b1 100644
--- a/src/Repository/Model/Browse.php
+++ b/src/Repository/Model/Browse.php
@@ -41,6 +41,38 @@
*/
class Browse extends Query
{
+ private const BROWSE_TYPES = array(
+ 'song',
+ 'album',
+ 'user',
+ 'artist',
+ 'live_stream',
+ 'playlist',
+ 'playlist_media',
+ 'playlist_localplay',
+ 'smartplaylist',
+ 'catalog',
+ 'shoutbox',
+ 'tag',
+ 'video',
+ 'wanted',
+ 'share',
+ 'song_preview',
+ 'channel',
+ 'broadcast',
+ 'license',
+ 'tvshow',
+ 'tvshow_season',
+ 'tvshow_episode',
+ 'movie',
+ 'clip',
+ 'personal_video',
+ 'label',
+ 'pvmsg',
+ 'podcast',
+ 'podcast_episode'
+ );
+
/**
* @var boolean $show_header
*/
@@ -86,6 +118,19 @@ public function set_simple_browse($value)
$this->set_is_simple($value);
} // set_simple_browse
+ /**
+ * is_valid_type
+ * This sets the current browse object to a 'simple' browse method
+ * which means use the base query provided and expand from there
+ *
+ * @param string $type
+ * @return bool
+ */
+ public function is_valid_type($type)
+ {
+ return in_array($type, self::BROWSE_TYPES);
+ } // set_simple_browse
+
/**
* add_supplemental_object
* Legacy function, need to find a better way to do that
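Review bot: `in_array($type, self::BROWSE_TYPES)` in the new `is_valid_type()` compares loosely, so a non-string value can match an entry through type juggling (on PHP 7, for example, integer `0` equals any non-numeric string). Since this method is the allow-list gate for a request-supplied value, pass the strict flag: `return in_array($type, self::BROWSE_TYPES, true);`. The docblock text and the trailing `// set_simple_browse` comment were copied from the method above and describe the wrong function. The description should state that the method returns whether `$type` is one of the known browse types, and the trailer should read `// is_valid_type`.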
@@ -425,34 +470,36 @@ public function show_next_link($argument = null)
/**
*
- * @param string $type
+ * @param string is_valid_type
* @param string $custom_base
*/
public function set_type($type, $custom_base = '')
{
- $name = 'browse_' . $type . '_pages';
- if ((filter_has_var(INPUT_COOKIE, $name))) {
- $this->set_use_pages(filter_input(INPUT_COOKIE, $name, FILTER_SANITIZE_STRING,
- FILTER_FLAG_NO_ENCODE_QUOTES) == 'true');
- }
- $name = 'browse_' . $type . '_alpha';
- if ((filter_has_var(INPUT_COOKIE, $name))) {
- $this->set_use_alpha(filter_input(INPUT_COOKIE, $name, FILTER_SANITIZE_STRING,
- FILTER_FLAG_NO_ENCODE_QUOTES) == 'true');
- } else {
- $default_alpha = (!AmpConfig::get('libitem_browse_alpha')) ? array() : explode(",",
- AmpConfig::get('libitem_browse_alpha'));
- if (in_array($type, $default_alpha)) {
- $this->set_use_alpha(true, false);
+ if (self::is_valid_type($type)) {
+ $name = 'browse_' . $type . '_pages';
+ if ((filter_has_var(INPUT_COOKIE, $name))) {
+ $this->set_use_pages(filter_input(INPUT_COOKIE, $name, FILTER_SANITIZE_STRING,
+ FILTER_FLAG_NO_ENCODE_QUOTES) == 'true');
+ }
+ $name = 'browse_' . $type . '_alpha';
+ if ((filter_has_var(INPUT_COOKIE, $name))) {
+ $this->set_use_alpha(filter_input(INPUT_COOKIE, $name, FILTER_SANITIZE_STRING,
+ FILTER_FLAG_NO_ENCODE_QUOTES) == 'true');
+ } else {
+ $default_alpha = (!AmpConfig::get('libitem_browse_alpha')) ? array() : explode(",",
+ AmpConfig::get('libitem_browse_alpha'));
+ if (in_array($type, $default_alpha)) {
+ $this->set_use_alpha(true, false);
+ }
+ }
+ $name = 'browse_' . $type . '_grid_view';
+ if ((filter_has_var(INPUT_COOKIE, $name))) {
+ $this->set_grid_view(filter_input(INPUT_COOKIE, $name, FILTER_SANITIZE_STRING,
+ FILTER_FLAG_NO_ENCODE_QUOTES) == 'true');
}
- }
- $name = 'browse_' . $type . '_grid_view';
- if ((filter_has_var(INPUT_COOKIE, $name))) {
- $this->set_grid_view(filter_input(INPUT_COOKIE, $name, FILTER_SANITIZE_STRING,
- FILTER_FLAG_NO_ENCODE_QUOTES) == 'true');
- }
- parent::set_type($type, $custom_base);
+ parent::set_type($type, $custom_base);
+ }
}
/**
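Review bot: The rewritten docblock line `* @param string is_valid_type` lost the parameter name and should stay `* @param string $type`. With the new wrapper, an unknown type makes `set_type()` return without calling `parent::set_type()` and without any signal, so the caller carries on with whatever type the object held before. A guard clause at the top, `if (!$this->is_valid_type($type)) { return; }`, with a comment or log line explaining the rejection, would make that explicit and avoid re-indenting the whole body. `is_valid_type()` is declared as an instance method, so `$this->is_valid_type($type)` reads more accurately than `self::is_valid_type($type)`.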